Hello, welcome to the Thursday, July 20th, 2017 edition of the Sands and Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Xavier today took a closer look at web server error logs.

Now, we collect them as part of our 404 project, as the name implies, we're looking

for 404 errors. Essentially, errors where people are looking for a certain page on your server

that doesn't exist. What we find often is that these are also attempts to find various

vulnerabilities on your site.

For example, software that you may have installed.

Now, there are, of course, your top hits like WordPress and the like.

Xavier looked a little bit at the less common logs.

And what he found is a lot of attempts to find configuration files. Configuration files,

of course, are always interesting because they may contain things like passwords and other

configuration parameters that are interesting for the attacker. They also may tell the attacker

more about how a certain piece of software

is installed, what version it's running, and whether or not it is vulnerable.

If you're interested in participating in the 404 project, pretty easy to do so.

You just have to submit essentially your 404 error logs via a little script.

I'm also about done integrating this in our Raspberry Pie Honeypot.

So if you're waiting until next week, you probably can submit logs like this using this Raspberry Pi setup.

And Apple today again updated everything, which means iOS, Mac OS, Safari for older versions of OS 10,

also watchOS, TVOS, iTunes for Apple and for Windows.

So really every piece of software that you're likely running from Apple received an update.

...